CVE-2021-44847

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-44847
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-44847.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-44847
Downstream
Related
Published
2021-12-13T01:15:07.730Z
Modified
2026-03-13T05:15:08.131407Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A stack-based buffer overflow in handle_request function in DHT.c in toxcore 0.1.9 through 0.1.11 and 0.2.0 through 0.2.12 (caused by an improper length calculation during the handling of received network packets) allows remote attackers to crash the process or potentially execute arbitrary code via a network packet.

References

Affected packages

Git / github.com/toktok/c-toxcore

Affected ranges

Type
GIT
Repo
https://github.com/toktok/c-toxcore
Events
Introduced
a429ef4a28a5e5e0ad010efffb76d2abc3ada0af
Last affected
fc0cc08b2115d037551369f69519e95e841643aa
Introduced
5a45008ab91a65ab6c907efebf822612a17a639f
Last affected
9be4dbb4335bf7d893c8d00566d3276ab6dedd14
Database specific 
{
    "versions": [
        {
            "introduced": "0.1.9"
        },
        {
            "last_affected": "0.1.11"
        },
        {
            "introduced": "0.2.0"
        },
        {
            "last_affected": "0.2.12"
        }
    ]
}

Affected versions

v0.*
v0.1.10
v0.1.11
v0.1.9

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "34"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "35"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-44847.json"